Anti-UCE: SMTPD


Note: This is not a comprehensive introduction to SMTPD. Please see Obtuse Systems Corporation's SMTPD page for information on how to obtain SMTPD and documentation on how it operates. This page is no substitute for reading the documentation that comes with the package.

# Format of rules:
# action : originating-IP : from-address : to-address : error (if applicable)
#
# Note:  The first matching line is the action taken.
#
##############################################################################
#           INTERNAL NETWORK, ALWAYS OK
##############################################################################
# Allow anything from the internal network.  This is my small group
# of machines that sit behind my firewall;  they are all trusted and
# always allowed to send E-mail.
allow:172.16.100.0/22:ALL:ALL
# Allow anything to POSTMASTER or ABUSE (even sites which are blocked
# are allowed to contact those accounts here).
allow:ALL:ALL:postmaster@stassen.com abuse@stassen.com

##############################################################################
#           NEXTEK, DISALLOW RELAYING
##############################################################################
# Deny NexTek relaying.  NexTek is my ISP and there is a mailbox there
# that forwards to this site.  It is okay for NexTek admins to use that
# address, but nobody else uses it.  (All non-NexTek mail coming from
# their class-C block is spam.)
noto_delay:206.230.23.0/24:ALL EXCEPT *@nextek.net:ALL:550 We don't accept non-local E-mail relayed through NexTek

##############################################################################
#           ANTI-SPAM PROVISIONS
##############################################################################
# 1. reject illegal recipients -
#    "occupant@stassen.com" is a spam-bait E-mail address that this site's users
#    may use for a "From" address in Usenet postings.
noto:ALL:ALL:occupant@stassen.com:550 Illegal recipient address %T refused.

# 2. punt problem 'FROM' addresses
#    (this first one is used for testing.)
deny_delay:ALL:sir-spamalot:ALL:551 Mail from %F refused due to spamming (%H [%I]).
deny_delay:ALL:*@savetrees.com:ALL:551 Mail from %F refused due to spamming (%H [%I]).

# 3. punt illegal 'FROM' addresses
noto_delay:ALL:NS=UNKNOWN:ALL:550 Your from address (%F) appears to be a bad address.  Please mail to %T from a valid address (%H [%I]).

# 4. disallow all-number user-ids (but not all-numeric domains)
noto_delay:ALL:/^[0-9]+@.*$/:ALL:550 All-numeric from addresses (%F) are not accepted here (%H [%I]).

# 5. disallow major spammers by originating IP address
# Each spammer gets three rules:
#   (a) Denies direct connections from the spammer's netblock
#   (b) Denies connections from sites whose DNS is served by the spammer's netblock
#   (c) Denies 'FROM' addresses whose DNS is served by the spammer's netblock
#
#   208.219.218 - taizen (grandbikes, etc.)
noto_delay:208.219.218.0/24:ALL:ALL:550 spammer TAIZEN banned (%H [%I]).
noto_delay:NS=208.219.218.0/24:ALL:ALL:550 spammer TAIZEN banned (%H [%I]).
noto_delay:ALL:NS=208.219.218.0/24:ALL:550 spammer TAIZEN banned (%H [%I]).
#
#   IP - TEMPLATE
#noto_delay:<IP>.0/24:ALL:ALL:550 <N> banned (%H [%I]).
#noto_delay:NS=<IP>.0/24:ALL:ALL:550 <N> banned (%H [%I]).
#noto_delay:ALL:NS=<IP>.0/24:ALL:550 <N> banned (%H [%I]).

##############################################################################
#           ANTI-RELAY PROVISIONS
##############################################################################
# 1. Don't allow multi-part paths (!/%/@@)
noto_delay:ALL:ALL:*%*@*:551 Sorry %H [%I], I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
noto_delay:ALL:ALL:*!*@*:551 Sorry %H [%I], I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
noto_delay:ALL:ALL:*@*@*:551 Sorry %H [%I], I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
#
# 2. allow all E-mail that is destined to this domain
allow:ALL:ALL:*@stassen.com
#
# 3. deny everything else
noto_delay:ALL:ALL:ALL:551 Sorry %H [%I], I don't allow unauthorized relaying. Please use another SMTP host to mail from %F to %T
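
Because the first matching line is the action taken, the order of the rules above is itself the policy. The following is an added example, not part of the original page and not SMTPD's own code: a simplified Python model of first-match evaluation over an excerpt of these rules. It assumes `NS=` rules never match (they need live DNS), and the function names and sample addresses are constructed for illustration.

```python
import fnmatch
import ipaddress
import re

# Constructed excerpt of the rules above, same order, error texts shortened.
RULES = """\
allow:172.16.100.0/22:ALL:ALL
allow:ALL:ALL:postmaster@stassen.com abuse@stassen.com
noto_delay:206.230.23.0/24:ALL EXCEPT *@nextek.net:ALL:550 no relaying via NexTek
noto_delay:208.219.218.0/24:ALL:ALL:550 spammer TAIZEN banned
noto_delay:ALL:/^[0-9]+@.*$/:ALL:550 all-numeric from address
noto_delay:ALL:ALL:*%*@*:551 no relaying
allow:ALL:ALL:*@stassen.com
noto_delay:ALL:ALL:ALL:551 no relaying
"""

def term_matches(term, value):
    """Match one term: ALL, /regex/, a CIDR block, or a * wildcard (assumed model)."""
    if term == "ALL":
        return True
    if term.startswith("NS="):  # needs live DNS; assumed never to match here
        return False
    if len(term) > 1 and term[0] == "/" and term[-1] == "/":
        return re.search(term[1:-1], value) is not None
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(term)
    except ValueError:  # not an IP/CIDR pair: compare as a wildcard pattern
        return fnmatch.fnmatchcase(value.lower(), term.lower())

def field_matches(pattern, value):
    """Space-separated alternatives with an optional 'EXCEPT' exclusion list."""
    include, _, exclude = pattern.partition(" EXCEPT ")
    hit = any(term_matches(t, value) for t in include.split())
    return hit and not any(term_matches(t, value) for t in exclude.split())

def decide(rules, ip, mail_from, rcpt_to):
    """Return (action, error) from the first rule whose three fields all match."""
    for line in rules.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        action, src, frm, to, *err = line.split(":", 4)
        if (field_matches(src, ip) and field_matches(frm, mail_from)
                and field_matches(to, rcpt_to)):
            return action, (err[0] if err else "")
    return None, ""

if __name__ == "__main__":
    print(decide(RULES, "208.219.218.7", "x@example.com", "postmaster@stassen.com"))
    print(decide(RULES, "192.0.2.10", "a@example.org", "victim%example.net@stassen.com"))
```

The postmaster/abuse rule sits above the netblock bans, and the `*%*@*` refusal sits above `allow:ALL:ALL:*@stassen.com`; swapping either pair changes the outcome for the two sample messages.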